This invention relates to programmable hardware devices and more particularly to an apparatus and method of securely configuring programmable hardware devices that are reprogrammed when powered up.
Programmable hardware devices are general-purpose, combinational or sequential digital components that can be programmed to perform a certain function. They are also referred to as programmable logic devices (PLDs) or programmable arrays, and part of their basic structure includes a matrix of programmable logic modules or switches that can be configured to implement a complex circuit that performs a certain function. The programmable logic modules can consist of nodes of fuses, antifuses, floating-gate metal oxide semiconductor (MOS) transistors, random access memory (RAM) cells, or static RAM (SRAM) cells.
Fuse and antifuse based programmable hardware devices are physically programmed by having the fuse nodes “blown” into a permanently on or off state. Floating gate, or flash, memory cells are nonvolatile and remain electrically programmed until erased. RAM based cells are volatile and must be electrically programmed each time the programmable hardware device is powered-up. Both flash and RAM based cells are programmed by providing to the programmable hardware device a data stream of configuration information. The configuration information defines a function that each programmable logic module will perform, or collectively defines the combinational function of the programmable hardware device. The configuration information is usually highly sensitive and proprietary information.
Programmable hardware devices can generally be classified according to one of two categories: one-time programmable and reprogrammable. In the first category, the programmable logic modules of the device are programmed once, usually where the device is manufactured, such as with fuse and antifuse based devices. Such devices are permanently nonvolatile, meaning their configuration cannot be changed once the device is programmed. In the second category, the configuration information is stored first in an external source such as a memory. The configuration information is downloaded into the device to configure the logic modules. To reprogram the device, an existing configuration of the programmable logic blocks is deliberately erased and another configuration is downloaded, such as with flash memory, or power is simply removed and another configuration is downloaded upon power-up, such as with RAM.
The present invention is directed to configuring programmable hardware devices of the second category. FIG. 1 shows a simplified block diagram of a prior art system 100 for configuring a reprogrammable hardware device 110 from an external host 130 or other external memory source. The basic architecture of a programmable hardware device 110 includes a matrix of programmable logic modules 120 surrounded by an addressable interconnection network 135. Each logic module 120 may be any one of a variety of circuits capable of being programmed to implement all logic functions having one or more inputs. Such circuits include transistor-based registers, multiplexers, or look-up tables. Often, they also contain sequential elements such as flip-flops or latches. In gate array technology, the interconnection pattern is defined by metallization layers applied over a programmable logic module pattern at the final stage of manufacture.
The interconnect network 135 is connected by input/output blocks (I/O) 145 to a configuration engine 140 that configures the logic modules 120 according to configuration information, or a program, received from the host 130 via a communications channel 150. The configuration engine contains a memory for storing the configuration information, which memory can be flash, such as erasable programmable read only memory (EPROM) and electrically erasable programmable ROM (EEPROM), or static RAM (SRAM). Host 130 may be a memory, a processor linked to a memory, or connected to a memory in a data network such as the internet. An example of a programmable hardware device as described above is described in greater detail in U.S. Pat. No. 5,744,980.
One problem that arises is that the communications channel 150 between the host 130 or external memory source and the programmable hardware device 110 is particularly vulnerable to monitoring by an outside “attacker.” By monitoring the download process of transferring configuration information from the host 130 to the programmable hardware device 110, an undesirable entity could gain enough information to reconstruct a proprietary configuration for their own applications. Accordingly, there is a need for a system and method to securely download configuration information into a programmable hardware device.
The present invention provides a method and apparatus to securely configure a programmable hardware device to inhibit copying of configuration information which defines a programmable function of the device.
Secure configuration of a programmable hardware device is achieved in one embodiment of the invention by the steps of encrypting configuration information according to a cryptographic algorithm, transferring the encrypted configuration information from a host to the programmable hardware device, decrypting the configuration information according to the same cryptographic algorithm, and configuring a plurality of programmable logic modules in the programmable hardware device according to the configuration information.
In an alternate embodiment, the host receives the configuration information from an external memory source in encrypted form. The host may then store the encrypted configuration information for later transfer to the programmable hardware device.
In yet another embodiment, the host decrypts encrypted configuration information received from an external memory source. The host then again encrypts the configuration according to the same or a different cryptographic algorithm. The host transfers the again encrypted configuration information to the programmable hardware device.
In yet another embodiment, the present invention provides a novel download engine for programmable hardware devices. The download engine includes a data-in register having a communications channel for receiving encrypted configuration information from the external host, a cryptographic engine, coupled to the data-in register and configured to decrypt the encrypted configuration information according to a cryptographic algorithm, and an interface coupled to the cryptographic engine, for transferring the decrypted configuration information from the cryptographic engine to the programmable logic modules.
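The embodiments above can be modelled in software. The following is an added example, not code from the patent: it simulates a host that decrypts configuration information received from an external source, encrypts it again for the device, and a download engine (data-in register, cryptographic engine, interface to the logic modules) that decrypts and configures. The patent names no algorithm, so an HMAC-SHA256 counter-mode keystream stands in for it; all function names, key sizes, the 16-byte nonce and the one-byte-per-module layout are assumptions.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        ks = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def host_encrypt(key: bytes, config: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per download so keystreams never repeat
    return nonce + keystream_xor(key, nonce, config)

def host_reencrypt(source_key: bytes, device_key: bytes, blob: bytes) -> bytes:
    # Host decrypts what the external memory source sent, then encrypts again
    # under the key shared with the device.
    plain = keystream_xor(source_key, blob[:16], blob[16:])
    return host_encrypt(device_key, plain)

class DownloadEngine:
    """Model of the device side: data-in register -> crypto engine -> modules."""
    def __init__(self, device_key: bytes, n_modules: int):
        self._key = device_key             # held inside the device only
        self.data_in = b""                 # data-in register
        self.logic_modules = [0] * n_modules

    def receive(self, blob: bytes) -> None:
        self.data_in = blob                # only ciphertext crosses the channel

    def configure(self) -> list:
        nonce, ct = self.data_in[:16], self.data_in[16:]
        plain = keystream_xor(self._key, nonce, ct)
        if len(plain) != len(self.logic_modules):
            raise ValueError("configuration length does not match module count")
        self.logic_modules = list(plain)   # interface to the logic modules
        return self.logic_modules

def demo():
    config = bytes(range(64))              # constructed sample configuration
    source_key, device_key = os.urandom(32), os.urandom(32)
    from_source = host_encrypt(source_key, config)
    on_channel = host_reencrypt(source_key, device_key, from_source)
    engine = DownloadEngine(device_key, len(config))
    engine.receive(on_channel)
    return config, on_channel, engine.configure()
```

The stand-in cipher provides confidentiality on the channel only, which is the goal stated above; it does not detect modification of the data in transit.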